Note that his allows the users to pass any argument to the /path/to/bridge program. Add "" at the end of the line to forbid passing any arguments.

For easier user management, you may prefer to define a group of users who are allowed to control the bridge. Replace alice, bill by %bridgers where bridgers is the name of the group.

Inside the bridge program, $SUDO_UID is the user ID of the user who invoked sudo. If the program requires that user to be in the USER variable, write a small wrapper shell script that sets USER=$SUDO_UID.

As I mentioned in my question, I don't want to give the users sudo rights; this would mess up some things in the program which are based on the $USER enviroment variable, not to mention I give them unlimited rights in the system :)
–
ClaudiuFeb 20 '12 at 12:56

3

@Claudiu I just wanted to get sure, that you know that you can limit the commands which can be run by sudo. If the allowed commands have no security issues, you would not provide unlimited rights to the users.
–
jofelFeb 20 '12 at 13:06

So, I guess I should put "eth" instead of "tun"? And "eth0"/"eth1"/"eth2" instead of "net/%k"?
–
ClaudiuFeb 20 '12 at 12:53

but until reboot you have to chmod/chown manually. By the way, what are the files on which I should chown/chmod?
–
ClaudiuFeb 20 '12 at 13:06

The example with tun device doesn't work with real network adapters. Use sudo for your problem, you can define command alias and group alias as well in /etc/sudoers, plus you will get logging for each usages of sudo ;)
–
Jiri XichtknihaFeb 20 '12 at 15:57